output: Add linktype name

Issue: 6954

This commit adds the linktype name to the output stream. The name is
determined from the pcap utility function pcap_datalink_val_to_name

diff --git a/etc/schema.json b/etc/schema.json
index 54d90219ab18f1439d3b100a6121212753be6932..0bf065684d19532d30392131d262ea3faa49b421 100644 (file)
--- a/etc/schema.json
+++ b/etc/schema.json
@@ -3573,6 +3573,10 @@
             "properties": {
                 "linktype": {
                     "type": "integer"
+                },
+                "linktype_name": {
+                    "type": "string",
+                    "description": "the descriptive name of the linktype"
                 }
             },
             "additionalProperties": false

diff --git a/src/output-json.c b/src/output-json.c
index b6ce328cabd987b80db2fe82413dcf06e755975a..72bf2b97720b87ef2587c701ba6633cdc2dbb48d 100644 (file)
--- a/src/output-json.c
+++ b/src/output-json.c
@@ -428,8 +428,16 @@ void EvePacket(const Packet *p, JsonBuilder *js, uint32_t max_length)
         return;
     }
     if (!jb_set_uint(js, "linktype", p->datalink)) {
+        jb_close(js);
         return;
     }
+
+    const char *dl_name = DatalinkValueToName(p->datalink);
+
+    // Intentionally ignore the return value from jb_set_string and proceed
+    // so the jb object is closed
+    (void)jb_set_string(js, "linktype_name", dl_name == NULL ? "n/a" : dl_name);
+
     jb_close(js);
 }